Look what made it's way to my inbox recently, after Hurricane Dorian finally made its way out of Nova Scotia:

CollabSphere 2019 Heiko, Congratulations, your session titled: "What is Cool with the Domino AppDev Pack, OAuth, Proton and Node.js, and Why Would I use it in my Domino Apps Anyway?" has been accepted for MWLUG/CollabSphere 2019.

Thanks to Richard Moy and the Collabsphere Team for accepting this session that I will be happily co-presenting with Graham Acres from Brytek Systems in Vancouver. This will NOT be the same-old stuff from Engage and DNUG but a renewed and revised version with lot's of new stuff included so stay tuned !

Wow, these were three great days ! This has been my 2nd Engage Conference that i attended, the first one as a speaker. Theo Heselmans really outdid himself again this year by finding a cool venue (Autoworld Brussels) and topping it off with perfect logistics like always. The first day on monday (pre-conference) was used to help set up the venue and to start to dive into the community be meeting my fellow yellow peeps being other business partners and IBM Champions. The IBM Champions happy hour at the Sofitel was highly appreciated (thanks Libby !) and the first evening finished off with talks amongst friends having italian pizza and a glass of wine at the sofitel bar.

Day 1 of the conference started with a great keynote session with several speakers. The most impressive one for me was delivered by Richard Jefts (HCL), announcing and speaking about Digital Solutions, the new organisational home for the ICS portfolio inside HCL.

The Maple lounge attended Engage as well one more year and you will see interviews with Tim Clark (HCL) about the HCL Masters program as well as an interview with Francois Nasser about the HCL Partner porgrams and sales processes inside HCL shortly on the C3UG youtube channel.

I attended roundtables and sessions for the rest of the day, I especially liked Knut Herrman's session about building web components for Domino and the future directions for the AppDevPack and DQL by Dan Dumont. Theo invited us to a VIP dinner in the evening in Brussels - food at talks where fantastic. Wednesday, Day 2 started mostly in preparing my own session, but I was able to attend the Notes 11 preview with Ram Krishnamurthy - we saw a first glimpse of Notes 11 including PDF Export and Meetings extending over midnight ! My session later in the morning with Graham Acres abaout the Domino AppDev Pack, React and Node.JS was well received - the room was packed and the Demo worked as planned:

The audience was able to use the demo app live and they did ! The slides and the code will be available from the C3UG Github Repo shortly. In the afternoon I visited the Domino on Docker Bootcamp with Thomas Hampel and Daniel Nashed and the Domino and SSO session by Danielle Vistalli - two great sessions again ! Finally, Theo closed the doors with a farewell drink and the IBM Champions picture of the year and finished it off with a speakers dinner at the Atomium in Brussels - as my flight went out early, I wasn't able to attend that but lucky enough, the day later, brussles aiport was on strike and I would have probably missed my flights back home

Thanks again Theo + Hilde for this great event - I am looking forward to next year already. For those of you who were not able to see our session - feel free to visit us at DNUG on June 4th and 5th in Essen, Germany ! Cheers, Heiko.

The Domino AppDevPack 1.0.1 is available for download from Passport Advantage or the Software Access Catalog. Part-Number is: CC0NGEN

It now supports Linux and Windows servers and comes with a pilot install option for IAM to get you started quick & easy to test-run the OAUTH2 components. Here's the 'What's new' Section from the Documentation:

What's New in Release 1.0.1Release 1.0.1 includes the following new features:

IAM service is officially released.

Microsoft Windows support. Both Proton and IAM can now be deployed to Windows.

Compute with form support for create, read and update operations. See Compute with form for details.

The ability to read and write $REF items. For more information, see NOTEREF_LIST.

A test script for verifying your connection to Proton. For more information, see Proton Test Script.

Node.js 10.x support. This version of domino-db was tested with Node.js 10.x. Previous versions of Node.js are deprecated.

thanks Theo for picking up our session about:What is Cool with Domino V10, Proton and Node.js, and why would I use it in my Domino Apps Anyway?

In this development oriented session, we will present an overview of the possibilities of extending your Domino dev environment to use Node.js and modern front end frameworks like React. What is it that makes these new tools so appealing? What do they give me that I didn’t have before? We will show you how to get started and how to make it all work with your Notes client apps. Using a simple questionnaire demo app we will show you how you can teach that legacy Domino dinosaur some cool new tricks. You will leave with the demo app and the source code to be productive in Domino V10 right away.

Co-IBM Champion and Co-C3UG staff member Graham Acres from Brytek in Vancouver and myself from Halifax will join forces in a East-Coast meets West-Coast presentation with a lot of sample and demo code to give away.

Come join us on Wednesday, May 15 | 11:30 - 12:30 | D. Minerva !

Thanks again to the team at #engageug - we are happy to be part of the show !

This is the 2nd post in my "IAM dabbeling" sequence - as a preamble let me say upfront that I am not an administrator and no expert in the TLS/SSL arena. I am a (web) developer who wants to use OUATH2 in my Node.JS applications with Domino. That said, some experts out there might be finding easier/better ways to achieve this goal - I'm happy to learn. What I do here is to write down the path that worked for me - yours might be different/easier/quicker - feel free to comment.

With that, let's get started with the basics of setting up IAM which is: Setting up the proton task on your domino server and securing it using SSL encryption and Authorization.

First thing up - as we install the Domino appdev pack, we have to run the proton server add-in task on a linux Domino server. The current version (february 2019) is only available on Linux. This is the proton protocol task for Domino only - domino-db as the Node.js package can be run on any platform - in my case all the test node applications (proton clients) are running on MacOS.

I am not using Docker containers for now, I decided that a VM running CentOS 7.5 would be sufficient for me. In case you want to use Docker, keep an eye on Daniel Nasheds Blog as well as he is heavily envolved in making these happen. Also check out the following repo from Thomas Hampel as starting point for Docker and Domino:https://github.com/IBM/domino-docker

So let's assume you have a VM with CentOS 7.x and Domino 10.0.1 installed. You have a user for Domino that ideally is part of the SUDOs group.

My Domino Server paths are the following, please take note of yours accordingly:

I also added the basic alias proton1 to my hosts file in the CentOS VM to 127.0.0.1 as an additional alias as well as my Domino alias proton1.c3ug.ca

Step 2: Firewall Considerations

CentOS 7.x runs systemd firewall per default. using Webmin or other visual tools you can open up the ports needed by the various tools or do as I did and disable the VMs firewall as it is always running behind the Macs firewall plus the routers firewall. DO NOT DO THIS IN PRODUCTION - this is for dev/test purposes only !!!

Then, we have to install node manually as we can not use the latest stable release. I found this pretty helpful:

Install a Package from the Node Site One option for installing Node.js on your server is to simply get the pre-built packages from the Node.js website and install them. You can find the Linux binary packages here. Since CentOS 7 only comes in the 64-bit architecture, right click on the link under "Linux Binaries (.tar.gz)" labeled "64-bit". Select "Copy link address" or whatever similar option your browser provides. On your server, change to your home directory and use the wget utility to download the files. Paste the URL you just copied as the argument for the command: cd ~ wget https://nodejs.org/download/release/v8.12.0/node-v8.12.0-linux-x64.tar.gz

Note: Your version number in the URL is likely to be different than the one above. Use the address you copied from the Node.js site rather than the specific URL provided in this guide. Next, we will extract the binary package into our system's local package hierarchy with the tar command. The archive is packaged within a versioned directory, which we can get rid of by passing the --strip-components 1 option. We will specify the target directory of our command with the -C command: sudo tar --strip-components 1 -xzvf node-v* -C /usr/local

-> Remark by Lothar Müller (edcom): in his version of CentOS (7.6) the syntax has changed so please try in case this is not working for you:sudo tar --strip-components=1 -xzvf node-v* -C /usr/local This will install all of the components within the /usr/local branch of your system. You can verify that the installation was successful by asking Node for its version number: node --version

v8.12.0

The installation was successful and you can now begin using Node.js on your CentOS 7 server.

if necessary, add the PROTON task to the SERVERTASKS= line in the notes.ini in /local/proton/dominodata/notes.ini in my case.

The proton task should now be up and running

Step 5: Securing PROTON with SSL and Client Authentication

Step 5.1: Downloading and installing the KYR-Tool

If you ever dealt with SSL and Domino you might be familiar with the KYR-Tool. If not, this is a special tool to package SSL Certificates in a keyring file in a way that Domino can consume. This tool is not be default part of the domino server install and has to be downloaded seperately. You can find the download here:

These changes are related to my certifiers in Domino. I would think they are not needed but I had issues importing the client certs later for the technical users without them. Might as well be only me but this worked for me. SO PLEASE USE YOUR CERTIFIER STRINGS here accordingly !

After some talks on slack with Oliver Busse, please make sure that your file access to the Domino paths is correct for the notes user. Sometimes even running the scripts using sudo gives you errors with certain files, e.g. server.key. In this case, check your permissions, delete the old stuff from a previous run and try again. Running as root is a option but you will have to chown your user right after running the scripts for the notes user or you have the next pitfall. Don't worry, running those scripts does not do anything harmfull to your environment so you can run them until the result is ok. patience is of the essence here. This will create "server.key, server.crt, app1.crt, app1.key, app2.crt, app2.key, ca.crt and ca.key, etc.)

Step 5.3: Create the Domino Keyring file

In a great effort, Oliver Busse fixed the scripts, so download make_keyring.sh from here:

Proton authenticates client application requests based on the setting of the PROTON_AUTHENTICATIONnotes.ini setting. Valid options are:

client_cert: The client certificate is mapped to a Person document in the server's directory. Access to data is calculated based on this identity. Proton must be enabled for TLS/SSL for this option.

anonymous: All requests are made as the Anonymous user identity. This name does not need to appear in the directory, but it does need to exist in database ACL. This option is available with and with out TLS/SSL being enabled.

The default behavior when the setting does not exist is to provide Anonymous access to Domino databases.

Client certificate authentication

To require that applications provide a valid client certificate set the following notes.ini variable:

PROTON_AUTHENTICATION=client_cert

With this setting enabled there are some additional administrative and client requirements.

The client application must supply a valid client certificate when making domino-db requests to the Proton server on Domino. The common name in the client certificate must have a name that can found in the Domino directory. Proton performs a lookup in the Domino directory to find the person document.

The Domino administrator must create a Person document in the Domino directory and perform the Import Internet Certificates Action on the Person document. This is required because the client certificate is verified against the known certificate in the Domino directory.

Now - a lot of people get stuck here - import the certificates by importing the app1.crt file. No need to create a *.pem or whatever. Example using app2, please use app1 for your demo:

Create a person record for app1. Then after saving it, select the Actions Menu...

and select "Import Internet Certificates" ! This brings up the following dialog:

Select "All Files" an pick the app1.crt file !

use the app1.crt here ! keep the format as is. Click "accept all" Save & Close and re-check: Done !

Step 5.6 Add Client Authentication to PROTON

Stop the domino server

edit notes.ini

add the following line to your Notes.ini:

PROTON_AUTHENTICATION=client_cert

restart your server.

Now, this concludes the SSL/Authentication part !

Step 6: Test your configuration

Now, let's start coding a bit.

The appdev pack comes with samples that let you test the connectivity using SSL and Authentication:

Use the domino-db Quick start sample. Here's a configuration for your domino server access using SSL and Client Authentication:

I am using ca.cert, app1.crt and app1.key from above and copied them into the project. Here's the source of my server-config.js code.

So, welcome 2019 ! This last year went by in a blast for me, I was more busy than ever running Harbour Light in Canada and Co-Running SIT in Germany. Both ventures have been very successful in 2018 - we grew our customer base, extended our product portfolio and most of all made the shift from a pure IBM shop to a full stack development and project management organization. We had a lot of new technologies coming into our stack this year - the first AI and VR/AR applications went live. We have our first implementations of Apples AR solutions as well as the first productive applications using Microsofts Hololens product. A very strong discipline we had to invest in 2017 was API Design and this payed off in 2018 - being able to develop middleware in an agile way using AI services and multi cloud environments became essential to our business. Our first large application in that area was presented at DNUG, ICON UK and DNUG Developer Days and we will see a C3UG Video shortly.My special thanks go out to my employees on both sides of the pond - my two little ones took a huge chunk of my professional time again this year as daycare is still more a concept in germany than a relieable infrastructure component. Without my employees covering my back whenever needed, I would have run aground several times this year. A big thank you goes to Gaby - our Nanny, without you, we would not have been able to run our professional life, so thank you !

Besides my two companies, I had some off-time ventures that really gave me joy as it was so much fun to work with talented and gifted people from Canada throughout the year - C3UG and our video series became a very interesting way for me to talk to other yellow bleeders and to discuss news, products and features in a fun and intuitive way. So Scott, Colin, Graham - thanks for a great year and I am looking forward to new things coming up in 2019.

Our beloved Domino Environment took new flight in 2018 - and after some twists and turns (I vented about this already) the future for a lot of the former ICS portfolio seems to have a bright future ahead at HCL. I personally would love to see these products thriving again and it would be great to be part of this journey in the future. This includes Connections and I product I really like for a long time already - WebSphere Portal.

The world became no safer place in 2018 and wont be in 2019 - I generally do not like where isolationism is taking our western societies, we will see what happens this year in the EU regarding the elections and Brexit. The economy is looking stable still but its crumbling on the edges, lets hope for a stable year 2019 here as well. I won't be venting here about politics - reality is more absurd than comedy or satire. That's more than telling for me.

Right before christmas, I received a nice email from IBM letting me know that I will be an IBM Champion for ICS in 2019 ! Thanks to everyone who voted for me, even though I might not have been politically correct all the time - I am really looking forward to work with this group of passionate, talented and gifted people in 2019. And I am grateful for this honor - I had some dreams in my professional life - speaking at lotusphere once (done that in 2016) and becoming an IBM champion was among them. So thank you all for making it possible to remove one item from my bucket list !

May 2019 be a good year with health and prosperity for all my readers, friends, families and colleagues - let's stay in touch !

The dust settles slowly in these days after the announcement that HCL will buy an assortment of on premises software from IBM for $ 1.8 billion.

For me, there are two sides of the same medal to look at if we talk about this deal.

Side 1: HCL and its new possessions.

HCL made it very clear that they invest into these software assets to establish a new revenue stream to their company making the move to be a software reseller too after coming from a very effictive and well-running services area. What HCL came up with for IBM Notes/Domino V10 and the plans for V11 looks encouraging - the new features are well received by the ever-faithfull and the yet small but remarkable buzz around the platform as well. The question for me is - will this be enough for the customers to trust HCL and stay on the platform or will this be the final nail in the coffin for the remainders of the IBM collaboration portfolio ? Time will tell, everyone encourages customers to stay while I just wait for all of my fellow business partners with migration tools to creep out of the holes again to finally rip the cadaver apart... . I hope HCL is able to pull off some strong messages soon - for Connections, Commerce and Portal as well as a lot of customers are still using these tools and they have been left out in the cold at least for as long as the Domino folks by IBM. So HCL - give us a strategy update quick to let us (your potential partners and their customers) know what to expect !

Side 2: IBM - the BREXIT from eveything

How can a company possibly screw up so many things in such a short amount of time ? I am not talking Notes/Domino here specifically but it is a posterchild of what happens here. IBM starts a partnership with HCL for N/D, starts Jams, Campaigns, aha-sites and what have you like never in the years before and now, after a couple of months of making partners and customers believe they got it - no, we sell it of and declare a brexit from all things collaboration / commerce / portal and other sort that's on premises. After telling customers that nothing will change for them. Again. From doing nothing for years to start building a momentum to shooting yourself in the foot in two months from the V10 launch - that really can only be topped by the british brexit circus. How much money got spent, how much momentum has been built for this now ? This for me shows IBMs misery these days - conflicting, not trustworthy messages and I am sure that the people in the respective brands were as surprised as us outsiders about these rapid changes. So everyone still using the cloud offerings of IBM should notice this behaviour. Can you really trust this company with your data going forward ? IBM believes in the Cloud so keeping Connections Cloud ond Verse in the Cloud makes sense... . Wait a minute. What ?! For how long ? And then what ? Who will be in charge for bug fixing, support, future development ? I guess the cloud stuff would have been sold as well if the data security issues would have been easier to resolve.

To me, the state of IBM is shocking. Is this a company I can/want to partner/trust in the future ? Of course all of this is part of business as usual but while other companies buy and sell parts of their portfolio all the time, the clear lack of vision and somewhat coordinated communication within the last couple of months leaves me almost speechless. The company I started my professional career in is no longer a general IT business. It's becoming a highly profitable niche player, discontinuing stuff on the go they are no longer able to sustain and maintain. Good luck IBM. I don't think this will lead you and your (in a lot of cases very talented) employees into a sustainable future. But that's just my guess - who am I to tell IBM what to do ;-).

Conclusions:

On the upside of things I believe that for most customers using the tools now sold to HCL there will be a smooth transition regarding contracts, support and so forth so nobody will be left out in the cold. The real issues for me are more strategic ones. Thank god the holiday season is coming up, this leaves some off time to vent and think things through. While I am tempted to become an HCL partner with my companies, I will have to think twice of what to do with IBM. I have to see if there is enough value proposition in the watson area for us as a small ISV to continue or if we should switch to AWS, MS or Google for all things cloud based services. We do this to some extent today already, but damn it, I would have loved to have some compelling options in this game using IBM technology. Today, after some really bad experiences with the IBM Cloud, I'm not so sure there either. Lots to think about for 2019... . What's your take ?